From bd67db96f10af39b217300859496457e40ea49fa Mon Sep 17 00:00:00 2001
From: Heinrich Schuchardt
Date: Fri, 7 Mar 2014 19:51:13 +0100
Subject: [PATCH] 5505: FP: Array accessed out of bounds
CheckBufferOverrun::checkFunctionParameter alreacy considered usage of a function parameter inside an if block as a special case. With the patch the same is done for switch statements. A test is added.
Signed-off-by: Heinrich Schuchardt
---
 lib/checkbufferoverrun.cpp | 2 +-
 test/testbufferoverrun.cpp | 11 +++++++++++
 2 files changed, 12 insertions(+), 1 deletion(-)
diff --git a/lib/checkbufferoverrun.cpp b/lib/checkbufferoverrun.cpp
index 5c7e88337..e54907111 100644
--- a/lib/checkbufferoverrun.cpp
+++ b/lib/checkbufferoverrun.cpp
@@ -688,7 +688,7 @@ void CheckBufferOverrun::checkFunctionParameter(const Token &tok, unsigned int p
 // Check the parameter usage in the function scope..
 for (const Token* ftok = func->functionScope->classStart; ftok != func->functionScope->classEnd; ftok = ftok->next()) {
- if (Token::Match(ftok, "if|for|while (")) {
+ if (Token::Match(ftok, "if|for|switch|while (")) {
 // bailout if there is buffer usage..
 if (bailoutIfSwitch(ftok, parameter->declarationId())) {
 break;
diff --git a/test/testbufferoverrun.cpp b/test/testbufferoverrun.cpp
index b60247f3c..1093db008 100644
--- a/test/testbufferoverrun.cpp
+++ b/test/testbufferoverrun.cpp
@@ -2774,6 +2774,17 @@ private:
 " f(a);\n"
 "}");
 ASSERT_EQUALS("", errout.str());
+
+ check("void f(int a[]) {\n"
+ " switch (2) {\n"
+ " case 1:\n"
+ " a[1] = 1;\n"
+ " }\n"
+ "}\n"
+ "int a[1];\n"
+ "f(a);\n"
+ "");
+ ASSERT_EQUALS("", errout.str());
 }
 void possible_buffer_overrun_1() { // #3035
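Review bot: Adding `switch` to the pattern widens a bailout that ends the whole scan: when `bailoutIfSwitch` returns true the loop runs `break`, so any use of the parameter after the switch block is never examined, and the false positive is traded for possible missed out-of-bounds reports. The same already held for `if|for|while`, but the existing comment does not say it; I would reword it to something like `// bailout: buffer is used under if/for/switch/while; accesses after this point are not checked`. The body of `bailoutIfSwitch` is outside the hunk, so whether it walks a `switch` head and its `case` labels the way it walks an `if` block cannot be confirmed from here. checkFunctionParameter itself starts and ends outside the hunk.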
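Review bot: The added case only asserts that no warning is produced, so it would still pass if the checker stopped reporting anything once it sees a `switch`. A companion case where the `switch` does not touch `a` (for example `switch (x) { case 1: break; }`) and is followed by an unconditional `a[1] = 1;` would pin that a real overrun is presumably still expected to be reported. The snippet also calls `f(a);` at file scope, whereas the call in the preceding case appears to sit inside a function body. A `// #5505` comment on the block would tie it to the ticket the way `possible_buffer_overrun_1` carries `// #3035`. The enclosing test function starts outside the hunk.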